SAN FRANCISCO — From fire departments to governments, from school districts to corporations, from local utilities to grassroots organizers around the world, Twitter at its best is a tool to get a message out quickly, efficiently, directly.
It’s also a constant risk-and-reward calculation.
A recent bombshell whistleblower report from Twitter’s former head of security alleges that the social media company has been negligently lax on cybersecurity and privacy protections for its users for years. While worrisome for anyone on Twitter, the revelations could be especially concerning for those who use it to reach constituencies and get news out about emergencies, and for political dissidents and activists in the crosshairs of hackers or their own governments.
“We tend to look at these companies as large, well-resourced entities who know what they’re doing — but you realize that a lot of their actions are ad hoc and reactive, driven by crises,” said Prateek Waghre, policy director at the Internet Freedom Foundation, a digital rights nonprofit in India. “Essentially, they’re often held together by cello tape or chewing gum.”
Peiter “Mudge” Zatko, who served as Twitter’s security chief until he was fired early this year, filed the complaints last month with federal U.S. authorities, alleging that the company misled regulators about its poor cybersecurity defenses and its negligence in attempting to root out fake accounts that spread disinformation. Among Zatko’s most serious accusations is that Twitter violated the terms of a 2011 FTC settlement by falsely claiming that it had put stronger measures in place to protect the security and privacy of its users.